[cups.general] FIPS Compliance

Michael R Sweet msweet at apple.com
Tue May 13 08:59:17 PDT 2008

Ryan Holliday wrote:
> ...
> This has the effect of disabling many of the Windows cypher suites,
> specifically SSL 2.0 and 3.0. However, SSL 3.1 and TLS 1.0 are
> supposed to be available. Reading the CUPS documentation it states
> that TLS 1.0 should be available, so I figured that would mean I can
> still send an encrypted print job to the server. However, when the
> registry setting is set I can not send and enctypted print job, or
> even connect to the web page. Is their something special I have to do
> in order to enable TLS, or are their any special cyphers I need to
> install in OpenSSL?

You might check the error_log on the Solaris system.  Basically, both
sides need to agree on a cypher, so you may need to recompile OpenSSL
on the Solaris system to enable more algorithms.

CUPS itself defaults to only accepting SSL 3.x and TLS 1.0
connections - we dropped SSL 2.0 support specifically on request
from DoD customers.

Michael R Sweet                        Senior Printing System Engineer

More information about the cups mailing list